Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit e8e25b8

Browse files
michaelnebelmichaelnebel
committed
C#: Re-factor HashWithoutSalt to use the new API.
1 parent c7b0ae8 commit e8e25b8

1 file changed

Lines changed: 10 additions & 10 deletions

File tree

csharp/ql/src/experimental/Security Features/CWE-759/HashWithoutSalt.ql

Lines changed: 10 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -12,7 +12,7 @@
1212
import csharp
1313
import semmle.code.csharp.dataflow.DataFlow2
1414
import semmle.code.csharp.dataflow.TaintTracking2
15-
import DataFlow::PathGraph
15+
import HashWithoutSalt::PathGraph
1616

1717
/** The C# class `Windows.Security.Cryptography.Core.HashAlgorithmProvider`. */
1818
class HashAlgorithmProvider extends RefType {
@@ -120,12 +120,10 @@ predicate hasHashAncestor(MethodCall mc) {
120120
* Taint configuration tracking flow from an expression whose name suggests it holds
121121
* password data to a method call that generates a hash without a salt.
122122
*/
123-
class HashWithoutSaltConfiguration extends TaintTracking::Configuration {
124-
HashWithoutSaltConfiguration() { this = "HashWithoutSaltConfiguration" }
123+
module HashWithoutSaltConfig implements DataFlow::ConfigSig {
124+
predicate isSource(DataFlow::Node source) { source.asExpr() instanceof PasswordVarExpr }
125125

126-
override predicate isSource(DataFlow::Node source) { source.asExpr() instanceof PasswordVarExpr }
127-
128-
override predicate isSink(DataFlow::Node sink) {
126+
predicate isSink(DataFlow::Node sink) {
129127
exists(MethodCall mc |
130128
sink.asExpr() = mc.getArgument(0) and
131129
isHashCall(mc) and
@@ -148,7 +146,7 @@ class HashWithoutSaltConfiguration extends TaintTracking::Configuration {
148146
)
149147
}
150148

151-
override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) {
149+
predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
152150
exists(MethodCall mc |
153151
mc.getTarget()
154152
.hasQualifiedName("Windows.Security.Cryptography", "CryptographicBuffer",
@@ -166,7 +164,7 @@ class HashWithoutSaltConfiguration extends TaintTracking::Configuration {
166164
* `byte[] saltedPassword = sha256.ComputeHash(rawSalted);`
167165
* Or the password is concatenated with a salt as a string.
168166
*/
169-
override predicate isSanitizer(DataFlow::Node node) {
167+
predicate isBarrier(DataFlow::Node node) {
170168
exists(MethodCall mc |
171169
hasFurtherProcessing(mc) and
172170
mc.getAnArgument() = node.asExpr()
@@ -194,7 +192,9 @@ class HashWithoutSaltConfiguration extends TaintTracking::Configuration {
194192
}
195193
}
196194

197-
from DataFlow::PathNode source, DataFlow::PathNode sink, HashWithoutSaltConfiguration c
198-
where c.hasFlowPath(source, sink)
195+
module HashWithoutSalt = TaintTracking::Global<HashWithoutSaltConfig>;
196+
197+
from HashWithoutSalt::PathNode source, HashWithoutSalt::PathNode sink
198+
where HashWithoutSalt::flowPath(source, sink)
199199
select sink.getNode(), source, sink, "$@ is hashed without a salt.", source.getNode(),
200200
"The password"

0 commit comments

Comments
 (0)